GMX Reimburses $44M to GLP Holders After $42M Arbitrum Exploit

Generated by AI AgentCoin World
Thursday, Aug 14, 2025 10:29 am ET1min read
AVAX
--
BTC
--
Aime RobotAime Summary

- GMX V1's reentrancy vulnerability enabled a $42M exploit via flash loan-driven GLP price manipulation on July 9, 2025.

- The attacker returned 90% of stolen funds after GMX offered a 10% bounty, with $44M in GLV tokens distributed as compensation.

- Compensation included $42M recovered assets plus $2M from GMX treasury, split into diversified crypto-stablecoin pairs.

- A $500K GLV incentive pool was launched to reward long-term holders, aiming to rebuild protocol trust post-exploit.

- The incident highlights DeFi security risks, with 2025 H1 crypto breaches exceeding $2.2B due to wallet compromises and phishing.

On July 9, 2025, a reentrancy vulnerability in GMX V1's contract allowed an attacker to exploit the protocol's Arbitrum GLP pool and drain $42 million in assets [1]. The exploit occurred by manipulating assets-under-management (AUM) calculations, which enabled the attacker to withdraw more than their deposited value by artificially inflating GLP prices using a flash loan [1]. GMX confirmed the breach was due to a structural issue in its V1 contract, where pricing calculations and executions occurred across separate contracts, allowing this manipulation to take place [1].

In response, GMX paused trading on

Avalanche
, engaged with security partners and infrastructure providers, and initiated direct on-chain communication with the attacker [1]. The project offered a 10% white-hat bounty for the return of 90% of the stolen funds, an offer that was accepted by the attacker [1].

To fully compensate affected Arbitrum GLP holders, GMX announced on July 16, 2025, that it will distribute $44 million in GLV tokens. The payout includes $42 million in recovered funds and an additional $2 million from the GMX treasury [1]. The compensation will be issued as equal portions of GLV [BTC-USDC] and GLV [WETH-USDC], reflecting a diversified mix of 25%

Bitcoin
, 25% Ether, and 50% stablecoins [1].

Additionally, GMX has launched a $500,000 GLV incentive pool to encourage long-term holding, offering pro-rata rewards to users who retain their distributed GLV for at least three months without selling or transferring [1]. The move aims to restore trust in the protocol and provide a fair resolution to those impacted by the exploit.

The GMX V1 exploit highlights ongoing challenges in decentralized finance (DeFi) security. While the project has since upgraded to GMX V2, which centralizes pricing and execution within a single contract to mitigate such risks [1], the incident underscores the importance of continuous security audits and rapid incident response in the DeFi ecosystem.

According to CertiK, the first half of 2025 saw over $2.2 billion in losses from crypto hacks, scams, and breaches, with wallet compromises and phishing attacks being the most common [1]. The GMX exploit adds to this growing trend, emphasizing the need for users to remain vigilant and adopt robust security practices such as hardware wallets and cautious link verification [1].

Source: [1] Hacked Perp DEX GMX to Repay $44M to Arbitrum GLP Holders After Exploit (https://cryptonews.com/news/hacked-perp-dex-gmx-to-repay-44m-to-arbitrum-glp-holders-after-exploit/)

Crypto Signal

Trade Smarter: Get Crypto Signals for AVAX and Gain an Edge.

Comments



Add a public comment...
No comments

No comments yet